CVE-2021-44405

Vulnerability

The vulnerability resides in the JSON command parser of cgiserver.cgi on the Reolink RLC-410W camera running firmware version v3.0.0.136_20121102. The parser fails to properly validate the StartZoomFocus parameter, which is expected to be an object but can be supplied as a different type. This improper input validation (CWE-20) allows a specially crafted HTTP request to crash the cgiserver.cgi process, triggering an immediate device reboot [1].

Exploitation

An attacker can exploit this vulnerability by sending a single, specially crafted HTTP request to the camera's web interface. No authentication is required, and the request can be sent over the network without any user interaction. The malformed StartZoomFocus parameter causes the JSON parser to enter an invalid state, leading to the termination of the cgiserver.cgi process and subsequent reboot of the device [1].

Impact

Successful exploitation results in a denial of service (DoS) condition through an unplanned reboot of the camera. The impact is limited to availability; no data confidentiality or integrity is compromised. The CVSS v3.0 score is 8.6 (High) with a network attack vector, low complexity, no privileges required, no user interaction, and changed scope [1].

Mitigation

As of the advisory publication date (January 2022), no official firmware patch has been released by Reolink to address this vulnerability. Users should restrict network access to the camera (e.g., via firewall rules or VLAN segmentation) and monitor the vendor's support page for future firmware updates. If the device is no longer supported, replacement with a patched model may be necessary [1].